Are foreign cloud providers exploiting privacy concerns?

A panel of technology officials Wednesday warned members of a House subcommittee about the challenges of overseas expansion confronting the burgeoning cloud computing market, including privacy and security concerns and efforts by foreign governments to protect domestic providers at the expense of U.S. companies.

Those two issues are closely coupled, the witnesses testified, citing a growing body of regulations that foreign governments, particularly in European Union member states, have enacted that restrict access for U.S. firms to their markets. Often, the regulations are proffered in response to highly publicized concerns that the Patriot Act and other laws give U.S. government authorities unfettered access to data stored with U.S. companies.

"There are major barriers to the competitiveness of American cloud companies internationally. Concerns about data privacy limit the willingness of foreign companies to do business with U.S. firms and threaten to exclude American companies from competing abroad," said Justin Freeman, corporate counsel for Rackspace.

"There's a perception, even if unfounded, that U.S. privacy protections are insufficient to protect the data which is stored either on U.S. soil or with U.S. companies," Freeman added.

Critics of those policies have charged that the alleged privacy and security concerns are presented as scare tactics, a red herring intended as a protectionist measure to stifle potential competitors to domestic companies. David Castro, a senior analyst with the Information Technology and Information Foundation, called those restrictive provisions a form of "cloud mercantilism" that threatens free and fair global trade in the IT sector.

The Business Software Alliance (BSA), a leading trade group representing members of the software and hardware sector, recently issued a report, entitled "Lockout," that warned of the various practices that foreign nations have adopted that "discriminate" against IT providers.

Testifying before the House Judiciary Committee's Subcommittee on Intellectual Property, Competition and Internet, BSA President and CEO Robert Holleyman cited a Chinese policy requiring cloud providers wishing to do business in that country to form a joint venture with a domestic firm and agree to certain provisions about sharing source code.

At the other end of the spectrum, he pointed to comments that government officials in Germany have made calling for businesses and consumers to limit their use of cloud services to those stored within the country. Then Deutsche Telekom, with government backing, has been promoting a campaign to gin up privacy and security concerns about dealing with U.S. cloud providers associated with the Patriot Act, Holleyman said.

"The Patriot Act is frequently -- and ominously -- invoked by foreign governments and international competitors. Its powers are exaggerated and misconstrued, leaving the impression that the U.S. government has far greater ability to access data in the cloud than any other government," he said in his prepared testimony. "This simply isn't true. But that hasn't stopped others from using the Patriot Act as a weapon against U.S. cloud providers."

Holleyman praised the efforts of U.S. officials, particularly Phillip Verveer, deputy assistant secretary of state, for their work mounting an education campaign to dispel myths about the privacy implications of the Patriot Act in the era of cloud computing.

The witnesses also told lawmakers that the United States and other nations could help reduce trade barriers in the cloud-computing space by working to harmonize privacy laws and international standards. Dan Chenok, executive director of IBM's Center for the Business of Government, urged policymakers to rally behind internationally viable open standards that can resolve some of the cross-border issues that arise with cloud computing.

"The benefits of cloud can best be achieved by reliance on open standards that promote data portability and interoperability, which are critical for successful adoption and delivery of cloud-based solutions. An open standards approach would also help location-based mandates," Chenok said. "Governments could enhance the cloud's efficiency and cost effectiveness by avoiding location mandates and leveraging and encouraging an open global model."

Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for CIO.com.

Follow everything from CIO.com on Twitter @CIOonline, on Facebook, and on Google +.

Copyright 2019 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.